Dear colleagues and friends, good morning.

At the outset, thank you for the invitation of the Singapore Government, and it gives me great pleasure to come back to Singapore International Cyber Week.

The theme of this panel is “Advancing Rules, Norms and Standards in Cyberspace: The Way Forward”, which comes at the right time in face of the changing and turbulent cyberspace.

With the exponential development of a new round of scientific and technological revolution, cyberspace has deeply intertwined with the real world, geopolitical conflicts and cyber confrontation mutually interacting and overlapping, and risks and challenges in cyberspace have become more complex and diverse. This has made it increasingly difficult for all parties to uphold the existing system of norms, rules and principles in cyberspace and brought more uncertainties to the way forward.

We are at a critical crossroads. Before choosing the way forward, we need to reflect on three questions about international rules on cybersecurity.

The first question: are we still in the same international system？

Cybersecurity is a global issue and requests a global solution. But some countries, out of their geopolitical interests, have walked away from true multilateralism, and adopted a confrontational, small-group approach to global issues.

Take ransomware as an example. The growing threat of ransomware organizations has become a common challenge for all. But in 2021, some countries put forward a “Counter Ransomware Initiative”, and deliberately excluded certain countries including China. Interestingly, senior US government officials have been busy hyping up the so-called “Volt Typhoon” hacking group, which, as they put it, has allegedly “launched cyber attacks against critical infrastructure in Guam”. However, according to a series of reports published by National Computer Virus Emergency Response Center of China (CVERC)，this group is an international ransomware organization. The truth of “Volt Typhoon”is that US intelligence agencies and cybersecurity companies conspired to spread misinformation about China in exchange of congressional budget and government contracts.

The security of undersea cables is another example. During this year’s UNGA, individual country, along with its allies, issued a joint statement on the security of undersea cables, attempting to copy its unreasonable suppression of Chinese 5G companies in the past few years in digital infrastructure. We understand that this is more of a political statement, and not all countries joining this statement have a lack of confidence in China’s ICT products. However, it must be pointed out that the initiator of this statement, which takes up the largest share in undersea cable market, is the only country proved to have conducted long-term surveillance and interception of data through undersea cables. The country that has been selling so-called “Clean Network” is the one that poses the greatest threat to global cyber and data security.

Artificially divided supply chains and carefully organized small groups may ultimately lead to deeper global division. When talking about the way forward, we first need to think about this fundamental question that whether we are in the same international system. Different answers will lead to completely different directions.

The second question: do we apply the same set of rules？

After years of strenuous discussion, the UN has successfully adopted the framework for responsible State behaviour in the use of ICTs, which is the most important achievement of UN cybersecurity processes and the only universally recognized international rules in cyberspace.

However shortly after that, we regret to see that individual country brazenly violated these commitments and claimed that other countries’ critical infrastructure are legitimate targets under certain circumstances. Considering that this country has invested the most and owns the strongest cyber military capabilities, and has been pursuing an aggressive cyber strategy on top of that, this will undoubtedly put global critical infrastructure at great risk.

For China, this risk has been proven to be a real threat. According to reports from relevant Chinese cybersecurity agencies and companies, the US government has deployed hacker groups such as APT-C-39 and APT-C-40 to carry out long-term malicious activities such as pre-positioning access against global CI, including those in China.

CI security is a common concern of all. Whether in China, Europe, Singapore, the United States, or other countries, the development of digital economy and society have become highly dependant on CI security. Recognizing and accepting this vulnerability is crucial for countries, especially major powers, to jointly maintain peace and stability in cyberspace by formulating and adhering to the same set of rules. No country should think that it can unilaterally define rules from a position of strength. China is willing to engage in dialogue with all, including the US, on the basis of equality and mutual respect, to build consensus on common rules and security boundaries.

The third question: should we ensure the security of digital supply chains in an open or closed market？

The recent pager explosion in Lebanon has shocked the world. Although technical details are yet to be verified, such incidents that combine cyber and physical attacks and cause indiscriminate harm have truly broken the barrier between cyberspace and the physical world, and raised serious concerns about digital supply chain security.

The explosion has refreshed our memories of what happened in the past in this region. The “Stuxnet” incident many years ago was a typical case of wreaking physical damage through the means of ICTs. It is hard to say who is the teacher, and who is the student among countries that carried out these operations. But it seems that one of those country is busy convincing the world that a so-called “clean” digital supply chain should be set up.

I can also give you another example, which is about 5G supply chain. For many years, some countries have spared no effort in fabricating so-called 5G supply chain security issue, in an attempt to force other countries to exclude China’s products and services. But over the years, we have never seen this country provide any credible evidence.

This brings us to a conclusion, that certain country’s ferocious suppression and exclusion of Chinese companies is simply because Chinese companies have restrained them from “pre-positioning access” in global supply chains. Not long ago, the CrowdStrike incident has caused widespread damage and significant economic losses worldwide. Many industry insiders believe that if such cyber attack was intentionally carried out, the impact may be even worse. We all need to think about what responsibilities that leading digital companies need to shoulder in maintaining global cybersecurity.

When we connect these dots, countries that have initiated or been forced to join in dividing and blocking supply chains should seriously evaluate their own security status and think about this question：are we in a better position to ensure the security of digital supply chains in a more open market？

For these three questions, I believe everyone will have their own thoughts. I am not planning to sell you a so-called correct answer today. But our choices will collectively determine the way forward for future rules in cyberspace.

Dear colleagues and friends,

The Third Plenary Session of the 20th CPC Central Committee confirms once again that Chinese modernization will be achieved through peaceful development, which determines the basic logic and strategic intention of China’s foreign policy. Based on this, China’s answers to the three questions are clear, firm, and consistent.

First, we stay committed to maintaining and strengthening the existing international system. China will firmly support an equal and orderly multipolar world and a universally beneficial and inclusive economic globalization, and actively participate in the reform and construction of the global cyber and digital governance system.

Second, we will firmly uphold and consolidate common international rules. A country can not base its own security on the insecurity of others. Upholding the security of CI requires all countries to jointly develop and abide by the same set of international rules.

Third, we are dedicated to maintaining the safety and security of global supply chains in an open, fair and non-discriminatory market environment. National security needs clear boundaries set in a reasonable manner. As a responsible major country, and an economy with advanced digital industry, and a provider with good records, China is ready to provide a more open, safe and secure alternative for cyber and digital supply chains for all.

Thank you!